Monday, April 5, 2010

CHAPTER 4 ETHICS AND INFORMATION SECURITY

1. Explain the ethical issues surrounding information technology?

• Intellectual property- The collection of rights that protect creative and intellectual effort.
• Copyright- The exclusive right to do, or omit to do, certain acts with intangible property such as a song, video game and some types of proprietary documents.
• Fair use doctrine- In certain situations, it is legal to use copyrighted material.
• Pirated software- The unauthorized use, duplication, distribution, or sale of copyrighted software.
• Counterfeit software- Software that is manufactured to look like the real thing and sold as such.

2. Describe the relationship between an ‘email privacy policy’ and an ‘Internet use policy’?

Organisations can mitigate the risks of email and instant messaging communication tools by implementing and adhering to an email privacy policy. An email privacy policy details the extent to which email messages may be read by others. An Internet use policy, on the other hand, contains general principles to guide the proper use of the Internet within an organisation. The policy:
• Describes the available Internet services
• Defines the purpose and restriction of Internet access
• Complements the ethical computer use policy
• Describes user responsibilities
• States the ramifications for violations

3. Summarize the five steps to creating an information security plan?

a) Develop the information security policies- Identify who is responsible and accountable for designing and implementing the organization’s information security policies.

b) Communicate the information security policies- Train all employees on the policies and establish clear expectations for following the policies.

c) Identify critical information assets and risks- Require the use of user IDs, passwords and antivirus software on all systems.

d) Test and re-evaluate risks- Continually perform security reviews, audits, background checks and security assessments.

e) Obtain stakeholder support- Gain the approval and support of the information security policies from the board of directors and all stakeholders.

4. What do the terms authentication and authorization mean, how do they differ, provide some examples of each term?

Authentication is a method for confirming users’ identities. Once a system has authenticated a user, it can then determine the access privileges (or authorization) for that user. Examples include password-based authentication and device-based authentication. Authorisation, by contrast, is the process of giving someone permission to do or have something. Examples include using group permissions or the difference between a normal user and the superuser on a Unix system. In multi-user computer systems, user access or authorization determines such things as file access, hours of access and amount of allocated storage space. Authentication and authorization techniques are broken down into three categories, and the most secure type involves a combination of all three:
• Something the user knows, such as a user ID and password.
• Something the user has, such as a smart card or token.
• Something that is part of the user, such as a fingerprint or voice signature.
For further reference http://www.acm.uiuc.edu/workshops/security/auth.html
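
The distinction drawn above, as an added example that is not part of the original notes: authenticate() answers "who are you?" with a salted password check, and authorize() then decides what that identity may do using group permissions, hours of access, a storage quota and a Unix-style superuser bypass. All account names, passwords, file paths and limits are constructed for illustration.

```python
import hashlib
import hmac
import os
from datetime import time
from typing import Optional

PBKDF2_ROUNDS = 100_000  # assumed work factor for this illustration


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a slow, salted hash so stored credentials are never plaintext."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def make_account(password, groups, hours, quota, superuser=False):
    """Build one account record: credential data plus authorization attributes."""
    salt = os.urandom(16)
    return {
        "salt": salt,
        "hash": hash_password(password, salt),
        "groups": set(groups),   # group permissions
        "hours": hours,          # (start, end) hours of access
        "quota": quota,          # allocated storage space, in bytes
        "used": 0,
        "superuser": superuser,  # Unix-style superuser flag
    }


# Constructed sample data: users, passwords and file ACLs are made up.
USERS = {
    "alice": make_account("correct horse 42", {"staff", "finance"},
                          (time(8), time(18)), quota=1000),
    "bob": make_account("tr0ub4dor and 3", {"staff"},
                        (time(8), time(18)), quota=1000),
    "root": make_account("s3parate admin pw", set(),
                         (time(0), time(0)), quota=0, superuser=True),
}
FILES = {
    "/srv/payroll.csv": {"read": {"finance"}, "write": {"finance"}},
    "/srv/handbook.txt": {"read": {"staff"}, "write": set()},
}

# Used for unknown usernames so the check costs the same either way.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = os.urandom(32)


def authenticate(username: str, password: str) -> Optional[str]:
    """Authentication: confirm identity. Returns the username or None."""
    user = USERS.get(username)
    salt = user["salt"] if user else _DUMMY_SALT
    expected = user["hash"] if user else _DUMMY_HASH
    candidate = hash_password(password, salt)
    # Constant-time comparison avoids leaking how many bytes matched.
    matches = hmac.compare_digest(candidate, expected)
    return username if (user is not None and matches) else None


def authorize(username: str, action: str, path: str, now: time, size: int = 0) -> bool:
    """Authorization: decide what an already-authenticated user may do."""
    user = USERS[username]
    if user["superuser"]:
        return True  # the superuser bypasses the checks below
    start, end = user["hours"]
    if not (start <= now < end):
        return False  # outside permitted hours of access
    allowed_groups = FILES.get(path, {}).get(action, set())
    if not (user["groups"] & allowed_groups):
        return False  # no group grants this action on this file
    if action == "write" and user["used"] + size > user["quota"]:
        return False  # would exceed allocated storage space
    return True
```

Note that bob authenticates successfully yet is still refused the payroll file: a valid identity does not by itself grant any permission.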

5. What are the five main types of Security risks, suggest one method to prevent the severity of risk?

a) Human Error- Not malicious, by humans.

b) Natural Disasters- Floods, earthquakes and terrorist attack.

c) Technical Failures- Software Bugs and hardware crashes.

d) Deliberate Acts- Sabotage and white collar crime.

e) Management Failure- Lack of procedure, documentation and training.

Prevention:
• Strong Password- letters and numbers
• Password Policy- change passwords regularly

CHAPTER 3 E- BUSINESS

1. What is an IP Address? What is its main function?

IP address is the basic communication language or protocol of the internet. It can also be used as a communications protocol in a private network. Each computer on the internet has an IP address; these can be either private or public, however every address must be unique. The Domain Name System is used to translate a URL into an IP address, for example. The number 256 is a limitation of the fact that only 8 binary digits or "bits" are used in each address component. (For the mathematically minded, 2^8 = 256). E.g. the IP range 203.19.80.0 - 203.19.87.255 has been assigned to UNDA. The total number of IP addresses is thus just over 4 billion (4,294,967,296).

2. What is Web 2.0, how does it differ from 1.0?

| WEB 1.0 | WEB 2.0 |
|---|---|
| DoubleClick | Google AdSense |
| Ofoto | Flickr |
| Akamai | BitTorrent |
| Mp3.com | Napster |
| Britannica Online | Wikipedia |
| Personal websites | Blogging |
| Evite | Upcoming.org and EVDB |
| Domain name speculation | Search engine optimisation |
| Page views | Cost per click |
| Screen scraping | Web services |
| Publishing | Participation |
| Content management systems | Wikis |
| Directories (taxonomy) | Tagging |
| Stickiness | Syndication |


3. What is Web 3.0?
Web 3.0 uses the concept of tagging to build information about you; your devices talk to each other and build intelligence about you. It is a semantic web which encompasses the following:
• Transforming the web into a database
• An evolutionary path to artificial intelligence
• Search for information using different media
• Evolution toward 3D

4. Describe the different methods an organisation can use to access information?

The four common tools for accessing Internet information include:
1. Intranet- An intranet is an internalized portion of the Internet, protected from outside access, that allows an organisation to provide access to information and application software to only its employees. An intranet is an invaluable tool for presenting organizational information as it provides a central location for employees. It can host all kinds of company-related information such as benefits, entitlements, schedules, strategic directions and employee directories.

2. Extranet- An extranet is an intranet that is available to strategic allies (such as customers, suppliers and partners). Many companies are building extranets as they begin to realize the benefit of offering individuals outside the organisation access to intranet-based information and application software such as order processing. Having a common area where employees, partners, vendors and customers access information can be a major competitive advantage for an organisation.

3. Portal- A portal is a website that offers a broad array of resources and services, such as email, online discussion groups, search engines and online shopping malls.

4. Kiosk- A kiosk is a publicly accessible computer system that has been set up to allow interactive information browsing. In a kiosk, the computer’s operating system has been hidden from view, and the program runs in a full-screen mode, which provides a few simple tools for navigation.

5. What is e-Business, how does it differ from eCommerce?

E-business, derived from e-commerce, is the conducting of business on the Internet, including buying and selling, serving customers and collaborating with business partners. The primary difference between e-commerce and e-business is that e-business also refers to online exchanges of information, such as a manufacturer allowing its suppliers to monitor production schedules or a financial institution allowing its customers to review their banking, credit card and mortgage accounts. E-commerce, by contrast, is the buying and selling of goods and services online, as well as doing business and transactions online.

6. List and describe the various e-Business models? (Hint: B2B)

a) Business-to-business (B2B) - Business-to-business applies to businesses buying from and selling to each other over the Internet. Online access to data, including expected shipping date, delivery date and shipping status, provided either by the seller or a third-party provider, is widely supported by B2B models.

b) Business-to-consumer (B2C) – Business-to-consumer applies to any business that sells its products or services to consumers over the Internet. Corporate Express is a leading B2B distributor of business products, including IT products, office supplies, furniture, print, promotional products, and canteen and facilities supplies.

c) Consumer-to-business (C2B) applies to any consumer that sells a product or service to a business over the Internet. An example of this e-business model is a webmaster offering advertising services on Amazon.com. An intermediary is used in the C2B model. The demand for C2B e-business will increase over the next few years due to customers’ desire for greater convenience and lower prices.

d) Consumer-to-consumer (C2C) applies to sites primarily offering goods and services to successful C2C online auction website, links like-minded buyers and sellers for a small commission. C2C online communities, or virtual communities, interact via email groups, web-based discussion forums or chat rooms. C2C business models are consumer-driven and opportunities are available to satisfy most consumers’ needs, ranging from finding a mortgage to job hunting.

7. List 3 metrics you would use if you were hired to assess the effectiveness and the efficiency of an e-Business web site?

• Cookie- a small file deposited on a hard drive by a website containing information about customers and their web activities.

• Click-through- a count of the number of people who visit one site and click on an advertisement that takes them to the site of the advertiser.

• Banner ad- advertises the products and services of another business, usually another dotcom business.

8. Outline 2 opportunities and 2 challenges faced by companies doing business online?

BENEFITS:

• Highly accessible- Businesses can operate 24 hours a day, 7 days a week, 365 days a year.

• Increased customer loyalty- Additional channels for contacting, responding to and accessing customers help contribute to customer loyalty.

CHALLENGES:

• Protecting consumers- Consumers must be protected against unsolicited goods and communication, illegal or harmful goods, insufficient information about goods or their suppliers, invasion of privacy and cyberfraud.

• Leveraging existing systems- Most companies already use information technology to conduct business in non-Internet environments, such as marketing, order management, billing, inventory, distribution, and customer service.

CHAPTER 2 STRATEGIC DECISION MAKING

1. Define TPS & DSS, and explain how an organisation can use these systems to make decisions and gain competitive advantages.

A transaction processing system (TPS) is the basic business system that serves the operational level (analysts) in an organisation. The most common example of a TPS is an operational accounting system such as a payroll system or an order-entry system. Transaction information encompasses all of the information contained within a single business process or unit of work, and its primary purpose is to support the performing of daily operational tasks. Organisations use transactional information when performing operational tasks and repetitive decisions such as analysing daily sales reports to determine how much inventory to carry. The TPS supplies transaction-based data to the DSS. The DSS summarises and aggregates the information from the many different TPS systems, which assists managers in making informed decisions. A major difference between TPS and DSS is the general purpose of each type of system. TPS are designed to expedite and automate transaction processing, record keeping, and simple business reporting of transactions.

2. Describe the three quantitative models typically used by decision support systems.

Three quantitative models often used by DSS include:
• Sensitivity analysis, which is the study of the impact that changes in one (or more) parts of the model have on other parts of the model. Users change the value of one variable repeatedly and observe the resulting changes in other variables.
• What-if analysis, which checks the impact of a change in an assumption on the proposed solution. For example, ‘What will happen to the supply chain if a cyclone off Brisbane reduces holding inventory from 30 percent to 10 percent?’ Users repeat this analysis until they understand all the effects of various situations. The tool is calculating the effect of a 35 per cent increase in sales on the company’s bottom line.
• Goal-seeking analysis, which finds the inputs necessary to achieve a goal. Rather than observing how changes in a variable affect other variables, as in what-if analysis, goal-seeking analysis sets a target value (a goal) for a variable and then repeatedly changes other variables until the target value is achieved. For example, ‘How many customers are required to purchase a new product to increase gross profits to $5 million?’ The model is determining how many bikes Hauger will need to sell to break even, or achieve a profit of 0: Hauger will need to sell 46 bikes at $3500 each to break even.

3. Describe business processes and their importance to an organisation.

A business process is a standardised set of activities that accomplish a specific task, such as processing a customer’s order. Business processes transform a set of inputs into a set of outputs (goods or services) for another person or process by using people and tools. Examining business processes helps an organisation to anticipate bottlenecks, eliminate duplicate activities, combine related activities, and identify smooth-running processes. To stay competitive, organisations must optimise and automate their business processes. Organisations are only as effective as their business processes. Developing logical business processes can help an organisation achieve its goals. Some processes (such as a programming process) may be contained wholly within a single department. However, most processes (such as ordering a product) are cross-departmental, spanning the entire organisation. Customer-facing processes result in a product or service that is received by an organisation’s external customer. Business-facing processes are invisible to the external customer but essential to the effective management of the business and include goal setting, day-to-day planning, performance feedback, rewards, and resource allocation.

4. Compare business process improvement and business process re-engineering.

Business process improvement (BPI) is a systematic methodology developed to help an organization make significant advances in the way its business processes operate. It will provide a system that will aid in simplifying and streamlining operations, while ensuring that both internal and external customers receive surprisingly good output. The main objective is to ensure that the organization has business processes that eliminate errors, minimize delays, maximise the use of assets, promote understanding, are easy to use, are customer friendly, are adaptable to customers’ changing needs, provide the organization with a competitive advantage and reduce excess head count. The five phases of BPI are organizing for improvement, understanding the process, streamlining, measurements and controls, and continuous improvement. Business process re-engineering (BPR) is the analysis and redesign of workflow within and between enterprises. BPR assumes that the current process is irrelevant, does not work, or is broken and must be overhauled from scratch. Carrying out BPI is a project, so all principles of project management apply.
• The first step in BPI is to define the existing structure and process at play (AS-IS).
• Then, the BPI process owners should determine what outcomes would add value to the organization's objectives and how best to align its processes to achieve those outcomes (TO-BE).
• Once the outcomes are determined, the organization's work force needs to be re-organized to meet the new objectives, using the variety of tools available within the BPI methodology.
Reengineering recognizes that an organization's business processes are usually fragmented into subprocesses and tasks that are carried out by several specialized functional areas within the organization. Often, no one is responsible for the overall performance of the entire process. Reengineering maintains that optimizing the performance of subprocesses can result in some benefits, but cannot yield dramatic improvements if the process itself is fundamentally inefficient and outmoded. For that reason, reengineering focuses on redesigning the process as a whole in order to achieve the greatest possible benefits to the organization and their customers. This drive for realizing dramatic improvements by fundamentally rethinking how the organization's work should be done distinguishes reengineering from process improvement efforts that focus on functional or incremental improvement.

5. Describe the importance of business process modelling (or mapping) and business process models.

Business process modelling (or mapping) is the activity of creating a detailed flowchart or process map of a work process, showing its inputs, tasks and activities in a structured sequence. A business process model is a graphic description of a process, showing the sequence of process tasks, which is developed for a specific purpose and from a selected viewpoint. A set of one or more process models details the many functions of a system or subject area with graphics and text. The purpose of a process model is to expose process detail gradually and in a controlled manner; encourage conciseness and accuracy in describing the process model; focus attention on the process model interfaces; provide a powerful process analysis and consistent design vocabulary. A business process model typically displays activities as boxes and uses arrows to represent data and interfaces. The aim of modelling is to illustrate a complete process, enabling managers, consultants and staff to improve the flow and streamline the process.
The outcomes of a business process modelling project are essentially:
• value for the customer, and
• reduced costs for the company,
• leading to increased profits.
Other secondary consequences arising from successful Business Process Modelling can be increased competitive advantage, market growth, and better staff morale and retention. There are no absolute rules for the scope or extent of a Business Process Model in terms of departments and activities covered. Before committing lots of resources to Business Process Modelling proper consideration should be given to the usefulness and focus of the exercise - ask the questions:
Does the modelling have the potential to produce gains that will justify the time and effort?
Will the modelling be structured so that people will understand the outputs (not too big and complex as to be self-defeating)?
Do people understand why we are doing it, and "what's in it for them"?
As with other management tools, there is no point producing a fantastically complex model that no-one can understand or use, just as it is a bit daft to spend hundreds of hours analysing anything which is of relatively minor significance. Business Process Modelling is a powerful methodology when directed towards operations which can benefit from improvement, and when people involved are on-board and supportive. Adding value for customers, whether internal or external customers, is at the centre of a Business Process Model. It starts with a customer need and ends with the satisfaction of that need. Unlike a workflow diagram, which is generally focused on departmental activities, a BPM spans departments and the whole organisation.

For further information
http://en.wikipedia.org/wiki/Business_process_reengineering
http://en.wikipedia.org/wiki/Business_process_improvement
http://www.businessballs.com/business-process-modelling.htm

CHAPTER 1 INFORMATION SYSTEMS IN BUSINESS

1. Explain information technology’s role in business and describe how you measure success?

Information technology has become an important part of organisations’ strategy, competitive advantage and profitability. There is management pressure to build systems faster, better and at minimum cost. The return on investment that an organisation can achieve from the money it spends on IT has come under increased scrutiny from senior business executives and directors. Consequently, IT now has to operate like other parts of the organisation, being aware of its performance and its contribution to the organisation’s success and opportunities for improvement. The first thing managers need to understand about IT success is that it is incredibly difficult to measure. Key performance indicators (KPIs) are the measures that are tied to business drivers. Metrics are the detailed measures that feed those KPIs. Performance metrics fall into a nebulous area of business intelligence that is neither technology- nor business-centred, but this area requires input from both IT and business professionals to find success. Efficiency and effectiveness metrics are two primary types of IT metrics. Efficiency IT metrics measure the performance of the IT system itself, such as throughput, speed and availability. Effectiveness IT metrics measure the impact IT has on business processes and activities, including customer satisfaction, conversion rates and sell-through increases. Efficiency focuses on the extent to which an organisation is using its resources in an optimal way, while effectiveness focuses on how well an organisation is achieving its goals and objectives. The two, efficiency and effectiveness, are definitely interrelated. However, success in one area does not necessarily imply success in the other. Benchmarking (baseline metrics) is a process of continuously measuring system results, comparing those results to optimal system performance (benchmark values), and identifying steps and procedures to improve system performance.
Regardless of what is measured, how it is measured, and whether it is for the sake of efficiency or effectiveness, there must be benchmarks or baseline values that the system seeks to attain.

2. List and describe each of the forces in Porter’s Five Forces Model?

1. Buyer Power- A producing industry requires raw materials – labor, components and other supplies. This requirement leads to buyer-supplier relationships between the industry and the firms that provide the raw materials used to create products. Suppliers, if powerful can exert an influence on the producing industry, such as selling raw materials at a high price to capture some of the industry’s profits.

2. Supplier Power- A supply chain consists of all parties involved, directly or indirectly, in the procurement of a product or raw material. In a typical supply chain, an organisation will probably be both a supplier (to customers) and a customer (of other supplier organizations). Buyer-supplier relationships occur when a company (buyer) purchases raw materials from other companies or individuals (suppliers). Supplier power is high when one supplier has concentrated power over an industry. If supplier power is high, the supplier can directly influence the industry by charging higher prices, limiting quality or services and shifting costs to industry participants. Typically when a supplier raises prices the buyers will pass on the increase in price to their customers by raising prices on the end-product. When supplier power is high, buyers lose revenue because they cannot pass on the price increase to their customers. One tactic a company can adopt to decrease the power of its suppliers is to use standardized parts so that it can easily switch suppliers.

3. Threat of substitute products or services- The threat of substitute products or services is high when there are a few alternatives from which to choose. Ideally, an organisation would like to be in a market in which there are a few substitutes for the products or services it offers. Of course that is seldom possible today, but an organisation can still create a competitive advantage by using switching costs.

4. Threat of new entrants- The threat of new entrants is high when it is easy for new competitors to enter a market and low when there are significant barriers to entering a market. An entry barrier is a product or service feature that customers have come to expect from organizations in a particular industry and which must therefore be offered by an organisation entering the industry, in order to compete and survive.

5. Rivalry among existing competitors- This is high when competition is fierce in a market and low when competition is more complacent. Although competition is always more intense in some industries than in others, the overall trend is towards increased competition in almost every industry. The retail grocery industry is intensively competitive, with the main chains being Coles and Woolworths in Australia, and Woolworths and New World in New Zealand. Most supermarket chains implement loyalty programs to provide customers with special discounts while the store gathers valuable information on their purchasing habits. One way to reduce rival power is by using switching costs. Switching costs are costs that can make customers reluctant to switch to another product or service. A switching cost need not have an associated monetary cost. A company can also reduce competition from its rivals by creating products that are significantly different from its competitors’ products.

3. Compare Porter’s three generic strategies?

The three generic strategies are:-
1. Broad Cost Leadership-
The low cost leader in any market gains competitive advantage from being able to produce at the lowest cost. Factories are built and maintained, labor is recruited and trained to deliver the lowest possible costs of production. 'Cost advantage' is the focus. Costs are shaved off every element of the value chain. Products tend to be 'no frills.' However, low cost does not always lead to low price. Producers could price at competitive parity, exploiting the benefits of a bigger margin than competitors. Some organizations, such as Toyota, are very good not only at producing high quality autos at a low price, but have the brand and marketing skills to use a premium pricing policy.

2. Broad Differentiation-
Differentiated goods and services satisfy the needs of customers through a sustainable competitive advantage. This allows companies to desensitize prices and focus on value that generates a comparatively higher price and a better margin. The benefits of differentiation require producers to segment markets in order to target goods and services at specific segments, generating a higher than average price. For example, British Airways differentiates its service.
The differentiating organization will incur additional costs in creating its competitive advantage. These costs must be offset by the increase in revenue generated by sales. Costs must be recovered. There is also the chance that any differentiation could be copied by competitors. Therefore there is always an incentive to innovate and continuously improve.

3. Focused or Niche strategy-
The focus strategy is also known as a 'niche' strategy. Where an organization can afford neither a wide scope cost leadership nor a wide scope differentiation strategy, a niche strategy could be more suitable. Here an organization focuses effort and resources on a narrow, defined segment of a market. Competitive advantage is generated specifically for the niche. A niche strategy is often used by smaller firms. A company could use either a cost focus or a differentiation focus.
With a cost focus a firm aims at being the lowest cost producer in that niche or segment. With a differentiation focus a firm creates competitive advantage through differentiation within the niche or segment. There are potentially problems with the niche approach. Small, specialist niches could disappear in the long term. Cost focus is unachievable with an industry depending upon economies of scale e.g. telecommunications.

4. Describe the relationship between business processes and value chains?
A business process is a standardized set of activities that accomplish a specific task, such as processing a customer’s order. An organisation creates value by performing a series of activities that Porter identified as the value chain. The value chain approach views an organisation as a series of processes, each of which adds value to the product or service for each customer. To create a competitive advantage, the value chain must enable the organisation to provide unique value to its customers. In addition to the firm’s own value-creating activities, the firm operates in a value system of vertical activities including those of upstream suppliers and downstream channel members. To achieve a competitive advantage, the firm must perform one or more value-creating activities in a way that creates more overall value than do competitors. Added value is created through lower costs or superior benefits to the customer (differentiation). Value chain analysis is a highly useful tool that provides hard and fast numbers for evaluating the activities that add value to products and services. An organisation can find additional value by analyzing and constructing its value chain in terms of Porter’s Five Forces. A company can implement its selected strategy by means of programs, budgets and procedures. Implementation involves organisation of the firm’s resources and motivation of the employees to achieve objectives. How the company implements its chosen strategy can have a significant impact on its success. In a large company, the personnel implementing the strategy are usually different from those formulating the strategy. For this reason, proper communication of the strategy is critical. Failure can result if the strategy is misunderstood or if lower level managers resist its implementation because they do not understand the process for selecting the particular strategy.
An organisation must continually adapt to its competitive environment, which can cause its business strategy to change. To remain successful, an organisation should use Porter’s Five Forces, the three generic strategies and value chain analysis to adopt new business strategies.

For further information www.quickmba.com/strategy/porter.shtml

www.valuebasedmanagement.net/methods_porter_five_forces.html

en.wikipedia.org/wiki/Porter_five_forces_analysis